<?php 

include "../include/db.php";


if ($_POST["username"] != "" && $_POST["password"] != "") {

$in_username	= $_POST["username"];
$in_password	= $_POST["password"];
$login_proceed = 0;




	$result = mysql_query ("SELECT * FROM users WHERE user_name = '$in_username'", $db);
	$line = mysql_fetch_array($result);
	
	$username		= $line["user_name"];
	$user_pass		= $line["user_pass"];
	$user_level		= $line["user_level"];
	


//***** Check if password entered is correct
if (md5($in_password) == $user_pass){
	$login_proceed = 1;}
	else{$login_proceed = 0;$loginF="Your User ID and/or Password was incorrect";}




//*******************************
//LOGIN IF CREDIENTIALS ARE GOOD
if($login_proceed == 1){


$_SESSION[$prefix."_username"] = $username;
$_SESSION[$prefix."_security"] = $user_level;



header("Location: ../admin/"); exit;


}//END LOGIN

}//END POST

?>


<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>SFF Login</title>

</head>

<body>


             	
            <h2>Login</h2>
            
            <?php if ($loginF) { ?>
            <div class="errorbgd">
            <?php echo $loginF."<br>Please make sure your user ID and password are typed correctly.</p>"; ?>           
            </div>
            <?php }?>
            
               
	<FORM METHOD="POST" ACTION="" >

			<p>Username: <input type="text" id="username" name="username"  /></p>
			<p>Password: <input type="password" id="password" name="password" /></p>
			
			<input type="hidden" name="type" value="student" />
			<input type="submit" value="Login" title="Login">
	</form>	

</body>
</html>